Please bump mkdirp to fix [email protected] vulnerability #1768

e2tha-e · 2020-03-13T11:42:59Z

Vulnerability: https://app.snyk.io/test/npm/js-beautify/1.10.3
Also affects older js-beautify versions that depend on [email protected]

Thanks!

e2tha-e · 2020-03-14T13:26:08Z

Can be fixed by this pr:
#1750

shahar-h · 2020-03-17T20:30:59Z

mkdirp 0.5.3 was released with an upgrade to minimist:
isaacs/node-mkdirp#7

e2tha-e · 2020-03-17T23:24:55Z

Excellent! js-beautify will now depend on [email protected], which is remedied of the vulnerability. Nonetheless, it might be worth bumping mkdirp to the latest major version, since [email protected] is a deprecated version.

Otherwise, the mkdirp vulnerability is no longer an issue. I'll leave it to the js-beautify maintainers to decide whether to proceed further and whether to close this issue.

bitwiseman mentioned this issue Mar 18, 2020

Greenkeeper/mkdirp 1.0.3 #1771

Merged

6 tasks

bitwiseman closed this as completed in #1771 Mar 18, 2020

bitwiseman added this to the v1.10.x milestone Apr 5, 2020

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Please bump mkdirp to fix [email protected] vulnerability #1768

Please bump mkdirp to fix [email protected] vulnerability #1768

e2tha-e commented Mar 13, 2020

e2tha-e commented Mar 14, 2020 •

edited

Loading

shahar-h commented Mar 17, 2020

e2tha-e commented Mar 17, 2020

Please bump mkdirp to fix [email protected] vulnerability #1768

Please bump mkdirp to fix [email protected] vulnerability #1768

Comments

e2tha-e commented Mar 13, 2020

e2tha-e commented Mar 14, 2020 • edited Loading

shahar-h commented Mar 17, 2020

e2tha-e commented Mar 17, 2020

e2tha-e commented Mar 14, 2020 •

edited

Loading